Categories: Malware

About “Win32/Injector.DRTW” infection

The Win32/Injector.DRTW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.DRTW virus can do?

Executable code extraction
Injection (inter-process)
Injection with CreateRemoteThread in a remote process
Creates RWX memory
Mimics the system’s user agent string for its own requests
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Reads data out of its own binary image
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Detects Sandboxie through the presence of a library
Detects the presence of Wine emulator via function name
Installs itself for autorun at Windows startup
Attempts to identify installed analysis tools by a known file location
Checks for the presence of known devices from debuggers and forensic tools
Detects the presence of Wine emulator via registry key
Detects Sandboxie using a known mutex
Attempts to modify proxy settings
Checks for a known DeepFreeze Frozen State Mutex
Collects information to fingerprint the system
Anomalous binary characteristics

How to determine Win32/Injector.DRTW?


File Info:
crc32: FB90E173md5: 8d1012b90fed15091f86a2d406651aaename: 8D1012B90FED15091F86A2D406651AAE.mlwsha1: 5da21eea2fe71ab4b4ce9bd8aa5113cf552de1efsha256: 88a7c4a03ca05d1df3c7c40892bab0283f893b61addd1b9b7da79c507638690asha512: a2f977f1cbadb3030c243602a86356a29b95378cbe3f103b6979e7ae0f464d686120d363b0c1f117fda0b24e70753413988dd29a0025c04c95eaef564719a69assdeep: 3072:fAysFQXl0R0GmzcZdZSDp2eh2BaUfmEThZ+mIbmRl:lxXScoH8DoBa3kEAtype: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Version Info:
0: [No Data]

Win32/Injector.DRTW also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 005190011 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.13570
Cynet	Malicious (score: 100)
CAT-QuickHeal	Ransom.Exxroute.ZZ6
ALYac	Trojan.Ransom.Locky.DN
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:Win32/Zuepan.2b0d2179
K7GW	Trojan ( 0051775f1 )
Cybereason	malicious.90fed1
Cyren	W32/S-bdfb9721!Eldorado
Symantec	Packed.Generic.493
ESET-NOD32	a variant of Win32/Injector.DRTW
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Backdoor.Win32.Tofsee.vho
BitDefender	Trojan.Ransom.Locky.DN
NANO-Antivirus	Trojan.Win32.Locky.eswbwb
ViRobot	Trojan.Win32.Locky.655360
SUPERAntiSpyware	Ransom.Cerber/Variant
MicroWorld-eScan	Trojan.Ransom.Locky.DN
Tencent	Malware.Win32.Gencirc.11495dd6
Ad-Aware	Trojan.Ransom.Locky.DN
Sophos	Mal/Generic-R + Mal/Elenoocka-E
Comodo	Backdoor.Win32.Poison.AD@7dp3ec
BitDefenderTheta	Gen:NN.ZexaF.34670.nqW@ay0aTFp
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_CERBER.SMALY0
McAfee-GW-Edition	BehavesLike.Win32.Emotet.dc
FireEye	Generic.mg.8d1012b90fed1509
Emsisoft	Trojan.Ransom.Locky.DN (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Locky.dlt
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1120888
eGambit	Unsafe.AI_Score_99%
Microsoft	Trojan:Win32/Zuepan.A
Arcabit	Trojan.Ransom.Locky.DN
GData	Trojan.Ransom.Locky.DN
AhnLab-V3	Win-Trojan/RansomCrypt.Exp
Acronis	suspicious
McAfee	Ransom-Locky!8D1012B90FED
MAX	malware (ai score=80)
VBA32	Trojan.Encoder
Malwarebytes	Trojan.PasswordStealer
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Ransom_CERBER.SMALY0
Rising	Trojan.Kryptik!1.AE8C (CLOUD)
Ikarus	Trojan-Ransom.Locky
Fortinet	W32/Kryptik.GKMB!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Locky.HxQBEpsA